Config is double checking blacklists

Glenn Steen glenn.steen at
Wed Aug 23 11:16:22 IST 2006

On 22/08/06, Nigel Kendrick <support-lists at> wrote:
> Hi Folks,
> I noticed we were suddenly getting a lot of our own outbound mail marked as
> spam. The root cause was we'd ended up in CBL due to a mis-configured server
> name, but in sorting this out, I noticed the following info at Spamhaus..
> ===
> Exploits Block List
> The Spamhaus Exploits Block List (XBL) is a realtime database of IP
> addresses of illegal 3rd party exploits, including open proxies (HTTP,
> socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and
> other types of trojan-horse exploits.
> Incorporates CBL data and NJABL proxy data
> The XBL wholly incorporates data from two highly-trusted DNSBL sources, with
> tweaks by Spamhaus to maximise the data efficiency and lower False
> Positives. The main components are:
> - the CBL (Composite Block List) from
> - the NJABL Open Proxy IPs list from
> Mail servers already using should NOT also use
> or you will be making 'double' queries to basically the
> same data source and only one DNSBL will appear to work (the other(s) will
> appear to not catch anything). Mail servers already using
> are advised to continue doing so, as is itself a composite
> list and contains more than the open proxy IPs list part now incorporated in
> XBL.
> ===
> The only reason I point this out is that my installation of MailScanner et.
> Al was originally done using Johnny Hughes' excellent howto and by default,
> the spam checking rules used list both SBL+XBL and CBL, which according to
> the above means we are effectively double-checking and any 'hit' will count
> as 2 towards 'spam lists to be spam'.
> If my assumption is correct, will I be OK to remove SBL+XBL and replace it
> with in order to not check both XBL and CBL?
> Thanks
Wouldn't the natural thing to do be to remove CBL and keep SBL-XBL?
Also, search the mailing list archives, there has been a fair amount
of discussion of where to do rbl checking (MTA, MS or SA) whith some
fairly informed opinions:-).

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list